Ask HN: Using HTTP GET with request body
I have seen the well known announcement by Dropbox in 2015: https://blogs.dropbox.com/developers/2015/03/limitations-of-the-get-method-in-http/ and the response in Hacker News: https://news.ycombinator.com/item?id=9133469
As I understand it, there are three potential issues with a GET with request body:
(1) Not all servers will support this.
(2) Not all tools will support this (POSTMAN added support this year: https://github.com/postmanlabs/postman-app-support/issues/131)
(3) There is not yet a consensus on GET with request body. (For example, is Dropbox still using a POST)
I am not finding too many recent statements about this, I wanted to open up the question here and see what the current opinions are.
I heard that ElasticSearch is using GET request parameters in the body. It sounds like there are some who are against this approach: https://stackoverflow.com/questions/36939748/elasticsearch-get-request-with-request-body
(1) Does this make sense for a private server? (The answer here seems to be yes -- unless I am missing something)
(2) Does this make sense in general? If the tools needed support it, what is wrong with implementing a RESTful service that requires GET request parameters in the body?
18 comments
[ 4.9 ms ] story [ 54.1 ms ] threadOne alternative way is to use a different protocol rather than HTTP, if that is applicable for your use. Another way is to make up a new LONG_GET method.
One suggestion was to use a POST instead. On the surface, it seems like a Get with request body seems like such a straight forward approach that I am hoping that this will eventually become standard.
As far as I can tell, the only argument against this approach is that it is not standard. If it was a common approach and there was consistently 3rd-party support, would there be a problem with this approach?
For example, will you need to use a 3rd party request library? Will you need to set up some sort of proxy (NGINX, HAProxy, etc.)? Will you need to use a cloud load balancer (I'm not sure if they would send a request payload for GET requests)?
For open-source solutions you might be able to fork them to add this behavior but why do so to begin with? Is there a specific reason why you don't want to use query parameters?
I agree that it is well worth keeping this in mind and checking on the state of third party support.
Would you happen to know which popular 3rd party tools do not currently support a GET with request body?
A dumb idea would be to encapsulate various options into a single query parameter. Compressing query parameter's names and values and encoding them in base64 (or some other base of your choice) might also help. But all of this will just add tons of needless complexity to it.
Do you really NEED 20+ query parameters?
I am curious, though. What are you actually trying to achieve here?
So, from my view, the question is whether it is better to use a GET with a request body or use something such as a POST even though the request is read only.
Can't you use a range for said ids? Like
GET /blah?from_id=0&to_id=2000
Or are these said ids distinct from each other, like
GET /blah?id1=v&id2=v&idN=v ...
until id2000?
If the latter is what you're dealing with then this looks like bad design, IMHO. You might need to redesign this if possible, otherwise you'll be building on a house of cards. It's just a matter of time.
Based on the discussion here (thanks to everyone!), we have decided to use a POST instead of GET. :-)
The reasoning is that while GET works fine now, there is always a chance that it will not work in the future either because of security decisions by DevOps or because of use of a third-party tool that does not support GET with request body.
I'm not clear why using parameters in the GET request body would do weird things with the cache but using parameters in the POST request body will not hit these issues.
You can get some inspiration from GraphQL for your use case. All GraphQL queries are POST requests with body specifying what data the client needs.
Cheers.